The LDAP-UX Integration product for HP-UX uses the Lightweight Directory
Access Protocol (LDAP) to centralize HP-UX
management in an LDAP directory. LDAP-UX Integration enables the LDAP
directory to be used as a central service for HP-UX
authentication and authorization as well as a central repository for
service configuration including integrated account and group
management.

The LDAP-UX Integration main components are described briefly in the
following list:

The LDAP-UX Client Services enable HP-UX clients to use a
centralized LDAP directory server for unified authentication, access
control policy and name service information. This includes support for
joining a Windows Active Directory domain. The pam_ldap and pam_authz
modules, which provide rich authentication and access control policy
enforcement, are included in this component. The Mozilla LDAP C SDK is
included as well, to provide application integration with LDAP directory
servers.

The NIS/LDAP Gateway is a server for legacy Network
Information Service (NIS) clients. The NIS/LDAP Gateway daemon
(ypldapd) allows LDAP to serve as a name service repository instead
of the traditional NIS maps. If you are migrating from NIS to LDAP,
you can use the NIS/LDAP Gateway to help you phase in the transition
to LDAP in a large organization.

LDAP-UX Integration provides a variety of features that allow for advanced
integration into an LDAP-managed identity and security framework. Among
the many features are:

Integrated Security:

Via libpam_ldap, the LDAP directory server can act as a central
authentication service, providing centralized account and password
policies, including support for long passwords.

LDAP-UX can also share group management with other
LDAP-enabled applications. By following the X.500 group membership
specification, groups managed in the directory server, including
Windows ADS, will appear as traditional POSIX-style groups in
HP-UX. LDAP-UX also supports dynamic groups (groups based on
LDAP filters), allowing simplified group management.

Via libpam_authz, information in the LDAP directory server can
provide advanced access control policies to grant and limit access
to HP-UX services.

Integrated Identity:
Allows HP-UX to use the same account and group information shared
among multiple directory-enabled services. Advanced attribute mapping,
following the configuration profile standard defined in RFC 4876,
minimizes the need to create duplicate schema. For example, the
employeeNumber attribute can also serve as the HP-UX user ID number.

Joining Windows domains:
Allows HP-UX to join an existing Windows domain or forest. Users
from multiple domains can log in to the same HP-UX host.

Simplified Setup:
Greatly simplifies configuration of HP-UX to use centralized LDAP
management. A new directory server and LDAP-UX domain can be created in
a matter of moments with minimal input, or LDAP-UX can join an existing
domain (Windows or LDAP-UX) by specifying only the directory server host
or domain name to join and administrator credentials.

SSH Host Key Management:

Allows for management of ssh host keys used by HP Secure Shell.
By placing ssh host keys in the directory server, trust can be
pre-established between hosts in a domain, eliminating the need for
end users to respond to the often-ignored "man-in-the-middle"
prompts. Refer to
HP Secure Shell for additional information.

Long Term Identity & Credential Caching:
Allows HP-UX to continue functioning with cached data, even when
the connection to the directory server has been lost.

Context-Aware Object Management Tools:
Advanced command-line tools allow administrators and scripts
to manage users, groups and hosts in the directory server without needing
to be fully aware of LDAP context. These tools hide the complexity of
managing data in the directory server by automatically handling
connection management, attribute mapping and directory data location.

New in LDAP-UX Integration B.05.00

LDAP-UX Integration B.05.00 offers the following new features:

SSH Key Management:
Allows for management of ssh host keys used by HP Secure Shell.
By placing ssh host keys in the directory server, trust can be
pre-established between hosts, eliminating the need for users to
respond to the "man-in-the-middle" prompts. LDAP-UX can also be used
to centrally manage ssh configuration.

Guided Installation Mode:
More than just "Guided Installation", this mode greatly simplifies the
installation of LDAP-UX. Guided Installation can provide complete
configuration to enable HP-UX to use LDAP centralized management, while
requiring only minimal input (the directory server host name or Windows
domain name plus an administrator's name and password). Guided
Installation mode can also create a new directory server instance (using
HP-UX Directory Server) and define an LDAP-UX "domain" that provides a
management framework for centralized user, group and host management
(including ssh host keys).

Long Term Identity & Credential Caching:
Allows HP-UX to continue functioning with cached data, even
when the connection to the directory server has been lost.

IPv6 support:
LDAP-UX services and utilities have been enhanced to support the IPv6
protocol. Connections to a directory server with an IPv6 address are
supported by ldapclientd (used to manage all OS interactions with
the directory server) as well as the LDAP utilities provided
with LDAP-UX.

Local-only Configuration:
Optionally, version B.05.00 allows LDAP-UX to be configured with a
locally defined configuration profile instead of requiring that the
configuration profile be stored in the directory server. This
feature allows LDAP-UX to be configured when there are restrictions
on adding the configuration profile schema to the directory server.

Library Versioning added to the LDAP SDK:
Version B.05.00 delivers named versions of both the 5.17.1 and 6.0.5
versions of the LDAP C SDK to improve compatibility with applications.

Note: Release B.05.01 is an update to B.05.00, containing several fixes.
For more information, please refer to LDAP-UX Integration B.05.01
Release Notes.

Product Documentation

Use the following documents in conjunction with each other when using
LDAP-UX Integration B.05.01: